In the aftermath of the most recent cyber-attacks, and the media attention around them, it’s no surprise that people are becoming increasingly concerned about the security of their personal data. Here at Old Mutual Wealth this is a subject we always take a great interest in, and we believe we have the toughest precautions in place to protect customers from identity theft and fraud.
Over the next few weeks we’ll be running a mini-series of articles on data security, including ways to stay safe online and details of our own stringent safety measures.
To begin the series we asked our own personal-data privacy guru, Lucy Farrow, for her top tips on frustrating the fraudsters and enjoying a happy online experience.
Here’s how to stay safe online
Never click on a link you did not expect to receive.
The main way criminals infect computers with malware is by luring users to click on a link or open an attachment. These are known as phishing emails and sometimes contain obvious spelling mistakes and poor grammar, making them easier to spot. However, criminals are becoming more sophisticated, making phishing emails appear more genuine. If you’re not sure whether an email is genuine and it’s from a company that you do business with, contact them by telephone to query the email.
Use different passwords on different sites
With people typically having anything up to 100 online accounts, the tendency has become to share one or two passwords across accounts, or to use very simple ones, such as family names, pet names or favourite sports teams. Ofcom recently revealed that over half of UK adults (55%) use the same passwords for most, if not all, websites they visit!
Never reuse your main email password
A hacker who has cracked your main email password has the keys to your virtual kingdom. Passwords from the other sites you visit can be reset via your main email account. A criminal can trawl through your emails and find a treasure trove of personal data, from banking information to passport details, including your date of birth, all of which enables ID fraud. Identity theft is estimated to cost the UK almost £2bn a year.
Use anti-virus and anti-spyware
Anti-virus and anti-spyware software, more easily defined as anti-malware software, are probably the most important pieces of software any Windows system can have. While Macs, Linux, and other systems are vulnerable to virus and spyware attacks as well, the design of their systems and their lower market share have made them less desirable to malicious software developers.
If in doubt, block!
If you are unsure, just say no to social media invitations (such as Facebook or LinkedIn connection requests) from people you don’t know. It’s the cyber equivalent of inviting the strange person who ogles you at the bus stop into your home!
Think before you tweet and how you share information
Again, the principal risk is ID fraud. Trawling for personal details is the modern-day equivalent of “dumpster-diving”, in which strong-stomached thieves would wade their way through your bins searching for personal documents. Once your personal information is out there you have no way of controlling how other people use it.
Use your ‘wipe your phone’ feature
Features such as 'Find My iPhone', 'Android Lost' or 'BlackBerry Protect' allow you to remotely erase all your personal data should your device be lost or stolen.
Only shop online via secure sites
Before entering your card details and personal data, always ensure that the locked padlock or unbroken key symbol is showing in your browser. Additionally, the beginning of the online retailer’s internet address will change from “http” to “https” to indicate a connection is secure. You should be wary of sites that change back to http once you have logged on.
Don’t assume that banks will pay you back
Banks may refund a customer if he or she has been the victim of fraud, unless they can prove that the customer has acted fraudulently or been grossly negligent. As with any case of fraud, the matter is always determined on an individual basis. A customer who has been a victim of a phishing scam by unwittingly providing a fraudster with their account details and passwords, only to be later defrauded, could be refunded. However, if they were to fall victim to the same fraud in the future, after the bank had educated them about how to stay safe online, it is possible that the bank would be within its right to deny a refund.
Pop-ups can contain malicious software which can trick a user into verifying something. If you do, a download will be performed in the background, which essentially is designed to install malware (software specifically designed to disrupt or damage a computer system). This is known as a “drive-by” download. Always ignore pop-ups offering things like site surveys on e-commerce sites, as this is sometimes where the malware is.
Be wary of public Wi-Fi
Most Wi-Fi hotspots do not encrypt information (encryption conceals data by converting it into a code), so once a piece of data leaves your device headed for a web destination, it is “in the clear” as it transfers through the air on the wireless network. This means that any “packet sniffer” (a program that can intercept data), or a malicious individual sitting in a public place with software that searches for data being transferred on a Wi-Fi network, can intercept your unencrypted data. Would you want to log in to your online banking via an unsecured Wi-Fi network?
Don’t store your debit or credit card details on websites
You should always err on the side of caution when asked if you want to store your credit card details for future use. Whilst you may trust the online retailer as a brand, how much do you understand about their own security arrangements?
Lock your phone and tablet devices
Keep it locked, just as you would your front door. Keying in a password or code 40-plus times a day might seem like a hassle, but it’s your first line of defence. Next-generation devices now have the ability to employ fingerprint scanning technology as additional security.
Take extra care on auction sites
On these sites in particular, check the seller feedback and if a deal looks too good to be true, then it probably is! Keep your online payment accounts secure by regularly changing your passwords and checking the bank account to which they are linked, and consider having a separate bank account or credit card for use on them, as this could limit any potential fraud.
Lock down your Facebook account
Facebook regularly updates its timeline and privacy settings, so it is sensible to monitor your profile, particularly if you see that the design of Facebook has changed. In the privacy settings menu, under “who can see my stuff?”, change this to “friends”. Beware of changing the setting to “friends of friends” as, on average, you could be sharing your information with at least 150,000 people. You can also disable the ability of other search engines to link to your timeline.
Remember you are only human
While many of the above are technical solutions to prevent you being hacked and scammed, hacking done well is really the skill of tricking human beings, not computers, by preying on their gullibility, taking advantage of trust or greed. Human error is still the most likely reason why you’ll get hacked.
Taking the above precautions means you are less likely to end up being one of the statistics!
Lucy Farrow is Financial Crime & Data Privacy Specialist at Old Mutual Wealth.